CLAIM AMENDMENTS

1. (Currently amended) A method of establishing a TCP/IP connection between a
client and a server such that the server may better withstand a SYN flood attack, the method 
comprising: 

receiving a TCP SYN packet requesting the formation of a TCP/IP connection from a 
client, the TCP SYN including a source IP address of the client; 

allocating a small TCP control block (TCB) in memory to service a TCP/IP three-way 
handshake; and 

transmitting a TCP-ACK to the IP address of the client. 

2. (Previously presented) A method of establishing a TCP/IP connection between a 
client and a server such that the server may better withstand a SYN flood attack, the method 
comprising: 

receiving a TCP SYN packet requesting the formation of a TCP/IP connection from a 
client, the TCP SYN including a source IP address of the client; 

allocating a small TCP control block (TCB) to service a TCP/IP three-way 
handshake; 

transmitting a TCP-ACK to the IP address of the client; 

receiving an ACK from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 

thereafter notifying a socket layer of the TCP connection. 

3. (Original) The method of claim 2, further comprising caching route information 
for the client performed after receiving the ACK from the client. 

4. (Original) The method of claim 3, further comprising allocating a full TCB to 
service the TCP connection after receiving the ACK from the client. 

5. (Original) The method of claim 2, further comprising allocating a full TCB to
service the TCP connection after receiving the ACK from the client.

6. (Original) The method of claim 1, further comprising: 

receiving an ACK from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 
thereafter caching route information for the client. 

7. (Previously presented) A method of establishing a TCP/IP connection between a 
client and a server such that the server may better withstand a SYN flood attack, the method
comprising:

receiving a TCP SYN packet requesting the formation of a TCP/IP connection from a
client, the TCP SYN including a source IP address of the client; 

allocating a small TCP control block (TCB) to service a TCP/IP three-way 
handshake; 

transmitting a TCP-ACK to the IP address of the client; 

receiving an ACK from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; 

thereafter caching route information for the client; and 

notifying a socket layer of the TCP connection performed after receiving the ACK 
from the client. 

8. (Original) The method of claim 1, wherein the step of allocating a small TCP 
control block (TCB) to service a TCP/IP three-way handshake comprises allocating a small 
TCB of size sufficient only to service the TCP/IP three-way handshake. 

9. (Original) The method of claim 1, wherein the step of allocating a small TCP
control block (TCB) to service a TCP/IP three-way handshake comprises allocating a small 
TCB of size insufficient to service the TCP connection. 

10. (Original) The method of claim 1, further comprising: 

receiving an ACK from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 

thereafter allocating a full TCB to service the TCP connection. 

11. (Original) A method of enhancing a server's ability to withstand a SYN flood 
attack, the method comprising: 

receiving a TCP SYN packet requesting the formation of a TCP/IP connection from a 
client having a source IP address; 

transmitting a SYN-ACK to the client at the source IP address;
awaiting receipt of an ACK from the client at the source IP address; and 
thereafter notifying a socket layer of the TCP/IP connection. 

12. (Original) The method of claim 11, further comprising caching route information
for the client after receipt of the ACK from the client. 

13. (Original) The method of claim 12, further comprising allocating a small TCP 
control block (TCB) after receiving the TCP SYN. 

14. (Original) The method of claim 13, further comprising allocating a full size TCB 
after receiving the ACK from the client. 

15. (Original) A method of enhancing a server's ability to withstand a SYN flood 
attack, the method comprising: 

receiving a TCP SYN packet requesting a TCP/IP connection from a client;
allocating a small TCP control block (TCB) of size sufficient only to service the 
TCP/IP connection request; 

transmitting a SYN-ACK to the client; 

delaying a notification of the TCP/IP connection request to a socket layer until an 
ACK is received from the client; and 

delaying a caching of route information for the client until the ACK is received from 
the client. 

16. (Original) The method of claim 15, further comprising: 
receiving the ACK from the client; and thereafter 

allocating a TCB of size sufficient to service the TCP/IP connection; 
notifying the socket layer of the TCP/IP connection; and 
caching route information for the client. 

17. (Original) A method of enhancing a server's ability to withstand a SYN flood 
attack, the method comprising: 

receiving a TCP SYN from a supposed client to establish a TCP connection; 

transmitting a SYN-ACK to the supposed client; and 

only upon and if receipt of an ACK from the supposed client: 

1) caching route information for the supposed client; and 

2) notifying a socket layer of the TCP connection. 

18. (Original) The method of claim 17, further comprising allocating upon receipt of 
the TCP SYN a small TCP control block (TCB). 

19. (Original) The method of claim 18, wherein the small TCB is of size sufficient to
service an establishment of a TCP connection and insufficient to service an actual TCP 
connection. 

20. (Original) The method of claim 18, further comprising, only upon and if receipt of 
an ACK from the supposed client, allocating a TCB of size sufficient to service the actual 
TCP connection. 
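
The deferral recited in claims 15 through 20, as an added C sketch that is not part of the application or of any real TCP stack: a SYN costs the server only a small TCB, and the full TCB, route caching and socket-layer notification happen only when a matching ACK arrives. All struct and function names, the 2048-byte buffer size, and the counters standing in for route caching and socket notification are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Illustrative model; every name and size here is hypothetical. */
struct small_tcb {                 /* enough for the three-way handshake only */
    uint32_t peer_ip, iss, irs;    /* peer address, our ISN, peer ISN */
    uint16_t peer_port;
    struct small_tcb *next;
};
struct full_tcb {                  /* stand-in for full connection state */
    uint32_t peer_ip, snd_nxt, rcv_nxt;
    uint16_t peer_port;
    uint8_t  buffers[2048];        /* windows, timers, queues (size assumed) */
};
struct listener {
    struct small_tcb *half_open;   /* handshakes awaiting the final ACK */
    unsigned routes_cached, socket_notified, full_tcbs;
};

/* SYN received: allocate the small TCB only. Returns 1 if a SYN-ACK
 * should be sent, 0 if the allocation failed. */
int on_syn(struct listener *l, uint32_t ip, uint16_t port,
           uint32_t peer_isn, uint32_t our_isn)
{
    struct small_tcb *s = calloc(1, sizeof *s);
    if (!s) return 0;
    s->peer_ip = ip; s->peer_port = port; s->irs = peer_isn; s->iss = our_isn;
    s->next = l->half_open;
    l->half_open = s;
    return 1;
}

/* ACK received: only an ACK matching a pending handshake gets a full TCB,
 * a cached route and a socket-layer notification. */
struct full_tcb *on_ack(struct listener *l, uint32_t ip, uint16_t port, uint32_t ack)
{
    for (struct small_tcb **pp = &l->half_open; *pp; pp = &(*pp)->next) {
        struct small_tcb *s = *pp;
        if (s->peer_ip != ip || s->peer_port != port || ack != s->iss + 1)
            continue;
        struct full_tcb *f = calloc(1, sizeof *f);
        if (!f) return NULL;
        f->peer_ip = ip; f->peer_port = port;
        f->snd_nxt = s->iss + 1; f->rcv_nxt = s->irs + 1;
        *pp = s->next;             /* retire the small TCB */
        free(s);
        l->full_tcbs++;
        l->routes_cached++;        /* route caching deferred to this point */
        l->socket_notified++;      /* socket layer learns of the connection now */
        return f;
    }
    return NULL;                   /* no pending handshake matches: ignore */
}
```

The sketch omits ageing out of entries left in `half_open`, which the claims do not address.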



